Job Description:

Hi,

I hope you are doing well.
Please let me know if you are looking for a job change and interested in the below position.

Job Title: GRC Security Analyst

Position Type: Contract

Location: Remote (CA Candidates only)

Visa: All

We need a mid-senior level Governance, Risk and Compliance (GRC) Security Analyst for a 6+ month contract for a public sector client in Long Beach, CA.

The GRC Security Analyst will plan and implement policies, procedures, standards, and controls to govern the protection of corporate information systems, networks, and data. The GRC Security Analyst will stay up to date on the latest cybersecurity intelligence, including attackers' methodologies, in order to modify the standards and controls that govern cybersecurity across the enterprise.

Work is currently performed REMOTELY, with the expectation that some work could be performed on-site in Long Beach in the future. Thus, it would be preferable if the resource resides in the Western USA, and ideally in southern CA.

Essential Duties and Responsibilities:

1. Perform control assessments against the cybersecurity framework

2. Perform review of policies and supporting procedures/processes

3. Perform assessments of adherence to standards

4. Work closely with management on security practices

5. Assess 3rd party vendors for adherence to standards

6. Develop routine reports in accordance with GRC metrics

7. Stay on top of changes in the industry as they relate to security

8. Other security-related projects that may be assigned according to skills

Required Knowledge and Attributes:

1. Strong preference for a consulting background

2. Demonstrated experience working in a team environment

3. Strong analytical skills

4. Great time management

5. Demonstrated effective collaboration, comprehension, and communication

Required Education and Experience:

1. Bachelor's degree in Computer Engineering, Computer Science, or Information Systems Management, or equivalent work experience in the field of cybersecurity

2. Possess current security certifications (e.g., CISM, SANS, CRISC, GSEC, etc.)

3. 3-5 years of strong experience in building an Information Security Risk Management program

4. Understanding and familiarity with information system standards

5. Understanding and familiarity with cybersecurity frameworks (NIST, ISO, SANS Top 20, HITRUST, COBIT, etc.)

6. Assist in maturing the Information Security Risk Management Program by helping to define an IS risk register, which includes identifying threats and risks to the organization

7. Meet with business stakeholders to identify top security risks

8. Assist in performing IS self-assessments to ensure systems and applications are complying with corporate policies, applicable regulatory and legal requirements, and leading industry practices

9. Assist in developing and driving the implementation of security best practices and standards to mature the overall IS Risk Management Program, which includes defining security standards of control for systems and applications

10. Provide solutions to identified issues and risks

11. Work with the CISO to determine the acceptable level of risk for enterprise computing platforms

12. Liaise with key business divisions such as HR, IM, Communications, Finance, Security Services, Engineering, Risk Management, Maintenance, and others to identify new applications and service providers in use, and the associated security controls needed to secure the data

13. Assist in performing Third Party Risk Assessments for new and existing vendor tools, on-premise implementations, and third parties with access to the environment

14. Assist in maturing the Third Party Risk Management program by defining security controls based on tiers of vendors

15. Articulate identified risks to the business for remediation, mitigation, and sign-off

16. Investigate incidents and events that involve potential PHI/PII and other data breaches, data leakage, brand reputational risks, malware propagation, system compromises, etc.

17. Mature the Data Loss Prevention Program by defining DLP rulesets in existing tools and reviewing their outputs to determine the appropriate action required

18. Assist with maturing the Data Governance Program, which includes defining a Data Classification and Handling Program, identifying Data Owners, and assisting with the design and implementation of Data Classification, Digital Rights Management, and Data Loss Prevention tools

19. Assist in developing and maintaining Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) for the Data Governance Security Program and initiatives

20. Assist in the management and maintenance of the enterprise-wide IM Security Awareness Program, which includes phishing simulations, computer-based training, proactive communications on the latest threats, workshops, and newsletters

21. Assist in developing enterprise-wide and functional-team-specific presentations to promote a security mindset

22. Work with the CISO to ensure the Information Security team stays abreast of new regulatory, legal, and/or compliance data security requirements

23. Ensure compliance with applicable legal and regulatory requirements

24. Strong documentation and communication skills

25. Good communication (oral and written) skills

26. Proficiency with the Microsoft suite of products (Teams, Word, Outlook, and Excel required; Access and PowerPoint preferred)

27. Proven success in the past
